Digital Forensics and Malware Analysis

Evidence that fights back. Our forensic and malware analyses have helped victims of infamous hacker groups come out as victors in courts of law. Our experts can do the same for your company.

The largest digital forensic laboratory in Eastern Europe

15 years of expertise in e‑discovery and malware analysis

1000+ successful investigations around the globe

Proprietary training course, acclaimed by Interpol & Europol

Group-IB difference

The company has grown out of the cyber detective agency, preserving the goal-oriented approach. We take responsibility for getting the data you need to pursue the attackers and come out as victors in courts of law.

Our multiple data sources and proprietary investigational tools enable us to work on complex and knowledge-intensive cases. We boast unparalleled expertise when it comes to dealing with threats from the Russian-speaking world.

Valery Baulin

Head of Digital Forensics Lab

Multiple levels of analysis

Get additional levels of evidence analysis: world-class Threat Intelligence and cutting-edge technologies to investigate the tactics and infrastructure of the attack.

Team reinforcement

Have trusted advisors you can turn to in any case, whether it is a one-time request for expertise, support in an investigation or support for the evidence in court.

Our Laboratory provides a full range of high-expertise services

Digital Forensics

Mobile forensic systems for correct seizure and copying of information for forensic examinations initiated independently or by law enforcement agencies

Malware Analysis

Unique tools for detecting malware and traces of hacker attacks, including those among deleted and encrypted data

Group-IB Forensic Laboratory analysts use high-tech equipment to search for malware at the HDD firmware level. This reveals hidden subpartitions where malicious programs hide from formatting and other traditional disk-cleaning methods.

We examine malware with confidentiality requirements in mind, such as blocking any network interaction by harmful programs. You get a comprehensive diagnosis and recommendations on further steps without additional risks.

Collection of digital evidence

Correctly collected and documented digital evidence base for further investigation or case preparation for the court

20% of in-house investigations face challenges at the stage of interaction with law enforcement agencies due to mistakes in digital evidence gathering and documentation. Group-IB’s forensic experts:

Provide preliminary consultation

Organize a prompt visit to the incident location

Determine the evidence information sources

Collect and document the evidence in compliance with legal requirements

Prepare the documentation to present the evidence correctly

Consult with authorized representatives about measures needed to stop the incident

How we can help you

Trust an investigation to top tier experts

It can be difficult to attract in-house digital forensic specialists and continuously develop their skills. Group-IB’s experts are steeped in threat intelligence and can complement your team’s efforts anywhere in the world.

Provide accurate information about the incident

We reconstruct incident timelines and provide insights into the motivation behind the attack and the level of employee involvement. Our work complies with government regulations, such as GDPR and CERT requirements.

Detect residual malicious code in your network

We help to identify the scope of compromise correctly, detect all the affected devices and help to clear the network. It is critical to be sure the incident response team didn't miss anything to prevent further attacks.

Put up actionable digital evidence

Specialists with 10+ years of experience collect digital evidence without affecting data integrity, then preserve and analyze it. This provides a basis and data for further investigation.

Help to build a strong case for court

Prepare your legal team and build your case in court. Our specialists are GIAC-certified in Digital Forensics and Malware Analysis. Their reports are admissible in international courts.

Reinforce and educate your team

Add to the competences of your information security specialists by outsourcing malware analysis and forensic examinations. Leverage our advanced knowledge of digital forensics to train your team as well.

Proprietary educational course

Group-IB has successfully introduced and provided our forensic specialists with resources to support our work. The workshop was both enjoyable and highly informative.

Get the new skills

Group-IB forensic specialists developed an educational course that helps cyber-security professionals hone their skills in areas ranging from preserving evidence and hunting down threats, to reverse engineering.

200+ training sessions

Our specialists have trained law enforcement agencies, corporate security teams and universities internationally, as well as the experts of Group-IB official partners, Interpol and Europol.

Group-IB Digital forensics and malware analysis

Analyzes malware rapidly and detects trails leading to the attackers

Links and correlates evidence with criminal profiles

Recreates timelines of the incident and motivations behind the attack

Supports every stage in the presentation of evidence, questioning, and in trial

Educates professionals in digital forensics

Gathers and recovers evidence you can use for private investigations or in court

In synergy with Threat Intelligence

Group-IB Threat Intelligence is a state-of-the-art network that works in synergy with digital forensics. By juxtaposing evidence with the latest threat data, we speed up the research process and correlate cases with criminal profiles. This makes it possible to get some analysis results, such as preliminary malware data, within a few hours after the evidence is collected.

Huge database

100,000+ criminal profiles that can be matched to your case

Structured data

Security-related data has been gathered relentlessly since 2003

International recognition

Threat intelligence recognized in Gartner, IDC, Forrester reports

Malware code analysis

Thorough malware analysis is vital in investigating complex attacks. Our analysts go through vast amounts of real malware samples daily and hold the internationally recognized GIAC certification in Digital Forensics and Malware Analysis. We regularly share threat research on the activities of infamous hacker teams, based on the findings of the malware analysis team.

Partnerships and certification

Official Europol (2015) and INTERPOL (2017) partner

Recommended by the Organization for Security and Cooperation in Europe (OSCE)

Certified by GIAC in Digital Forensics and Malware Analysis

We will make sure you follow the right traces and don’t overlook valuable evidence

Get immediate assistance from the largest Forensic Laboratory in Eastern Europe.

Digital Forensics

Mobile forensic systems for correct seizure and copying of information for forensic examinations initiated independently or by law enforcement agencies

Advantages of Group-IB forensic examinations:

We extract the maximum useful information from objects under examination and interpret the collected evidence accurately and comprehensively.

We guarantee that opinions of our forensic specialists will be accepted by courts as adequate evidence for civil, administrative and criminal proceedings.

All the examinations are conducted within time limits specified when materials are submitted for analysis.

Clientless Malware Detection

Unique tools for detecting malware and traces of hacker attacks, including those among deleted and encrypted data

Group-IB Forensic Laboratory analysts use high-tech equipment to search for malware at the HDD firmware level. This reveals hidden subpartitions where malicious programs hide from formatting and other traditional disk-cleaning methods.

We examine malware with confidentiality requirements in mind, such as blocking any network interaction by harmful programs. You get a comprehensive diagnosis and recommendations on further steps without additional risks.
